While sitting in Angus' cross-project session on oslo.privsep at the
Austin summit I believe I had a conversation with myself in my head that
Nova should stop adding new rootwrap filters and anything new should use
oslo.privsep.
For example:
https://review.openstack.org/#/c/182257/
However, we don't have anything in Nova using oslo.privsep directly. We
have os-brick and soon we'll have os-vif using oslo.privsep, but those
are indirect.
Looking at the change in Neutron for using privsep [1] it's pretty
complicated. So I'm struggling with requiring new changes to Nova that
require new rootwrap filters to use privsep when we don't have an
example in tree of how to do this.
Is anyone working on something like that yet that I haven't seen? If
not, has anyone thought about doing something or is interested in doing
it? Because I don't think it's really fair to prevent new things until
that happens - although the flip side to that is there isn't an example
until someone is forced to do it.
Other thoughts? Is anyone willing to help here? I'm assuming there will
need to be hand-holding from Angus at least initially.
[1] https://review.openstack.org/#/c/155631/
--
Thanks,
Matt Riedemann
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
